January 20th, 2011, 10:29 PM
I'm not sure. I mean every time you include a new character set you increase the possibilities exponentially. Just for argument's sake, we'll say the first character set contains five characters, as does the second. If you use only the first, the number of possible combinations would be 5x4x3x2. If you use both of them, the possible combinations becomes 10x9x8x7x6x5x4x3x2
January 20th, 2011, 11:05 PM
Yes, but if your password is only one character then there are 5 possibilities in the first instance and 10 in the second.
I can't remember the math, but with a password you have replacement (the same character can be used more than once) and it is ordered (the characters have to be in the correct sequence).
I would say that for any given character set, a longer password has to be be more difficult to brute force than a shorter one.
January 21st, 2011, 01:29 AM
Where did you get this from?
If you use only the first, the number of possible combinations would be 5x4x3x2. If you use both of them, the possible combinations becomes 10x9x8x7x6x5x4x3x2
We are not calculating 'combinations' by definition, if I am not mistaken. Combinations and permutations imply that there is no repetition.
Obviously when dealing with passwords repitition becomes possible, so we cannot use these standard methods of calculations. However, this doesn't make it any more complicated. Lets say you're just dealing with numbers to keep the calculations easier. 0-9 gives 10 possibilities, so for a one digit number, naturally you would have 10 possibilities. When you move to two decimal places it becomes 10*10+10, with the 10 additional digits including the one digit passwords, making 110 possibilities. So its:
for those that haven't taken calc 2, or just plain aren't good at math, as N increases, it will have more effect than X increasing by the same amount, on the equation as a whole. This is because the N is an exponent and the X is a base.
So mathematically speaking,
is correct. But remember, if you add a symbol, you're not adding one unit to complexity, because the cracking tables add either 14 or 28 characters to complexity, not 1 or 2. This skews the math. So it really depends on the situation. For example, say you have a password that is 3 numbers (1110 possibilities). You can either add another number or increase complexity by adding a letter. 4 numbers is (11110), but 3 letters and numbers is (47988). So ultimately, it depends on multiple things, like how you look at the math, what your definition of "increasing complexity" is (whether it be one more possibility, or a whole new character set), and what length you are adding. But technically speaking, adding one to the length is stronger than adding one to the complexity.
This is quite interesting. As far as I am aware the length of a password takes precedent over its complexity, so I agree with the concept of packing a core.
Surprise. I'm nerdy. Haha. If anyone sees errors, feel free to point them out
By XTC46 in forum Site Feedback/Questions/Suggestions
Last Post: August 24th, 2005, 07:52 PM
By gore in forum The Security Tutorials Forum
Last Post: March 16th, 2005, 09:33 PM
By NeonWizard in forum The Security Tutorials Forum
Last Post: August 13th, 2004, 06:54 PM
By gore in forum Operating Systems
Last Post: March 7th, 2004, 07:02 AM
By gore in forum Newbie Security Questions
Last Post: December 29th, 2003, 07:01 AM